AD authorisation slow

Discussion in 'Active Directory' started by Gonzo, Jul 6, 2009.

  1. Gonzo

    Gonzo Guest


    I'm been told to investigate why our LDAP authorisation is slow, where do I
    start? We use AD 2003 and have 3 DC's and one offsite.

    Authentication is fast, but I'm not even to sure what they mean by
    Gonzo, Jul 6, 2009
    1. Advertisements

  2. In context, I would assume to associate authentication and authorization in the terms of trying to connect to a printer, folder share or other resources. But I am not sure, and I would highly suggest to ask what they mean by 'authorization' to gain a better understanding of the support ticket or complaint.

    Without specific configuration information not provided in your post, I can't diagnose it specifically, but I can provide the basic guidelines with AD and DNS to help avoid any issues with AD (authentication, logons, replication, etc), are:

    1. Make absolutely sure there are no ISP's DNS or the router used as a DNS address in any machines inside your network. This includes the DCs, member servers and workstations. Make sure DHCP Option 006 only has the internal DNS servers listed.
    2. Make sure none of the DCs are multihomed (more than one NIC and/or IP) or numerous issues can result.
    3. In a single domain forest, make sure all DCs are GCs,
    4. Best practices, and based on efficient functionality, suggests the first DNS entry on a DC should be itself, then another DC as the second.
    5. Make sure the AD DNS domain name is not a single label name such as 'domain,' rather than the required minimal of ',' 'domain.local,' etc, or expect numerous issues.

    There's more, that this is the basis.

    I hope that helps.


    This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

    Please reply back to the newsgroup/forum to benefit from collaboration among responding engineers, as well as to help others benefit from your resolution.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
    Microsoft Certified Trainer

    For urgent issues, you may want to contact Microsoft PSS directly. Please check for regional support phone numbers.
    Ace Fekay [Microsoft Certified Trainer], Jul 6, 2009
    1. Advertisements

  3. Hello Gonzo,

    Please be more specific about authorisation, think you mean authentication
    during logon? There can be multiple reasons for slow logons, DNS, GPOs, WAN

    Best regards

    Meinolf Weber
    Meinolf Weber [MVP-DS], Jul 7, 2009
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.